bin/49798: unzip: Infozip compatibility: file permissions

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/49798: unzip: Infozip compatibility: file permissions
From: Thomas Klausner <wiz%NetBSD.org@localhost>
Date: Mon, 30 Mar 2015 09:00:00 +0000 (UTC)

>Number:         49798
>Category:       bin
>Synopsis:       unzip: Infozip compatibility: file permissions
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 30 09:00:00 +0000 2015
>Originator:     Thomas Klausner
>Release:        NetBSD 7.99.7
>Organization:
Curiosity is the very basis of education and if you tell me that 
curiosity killed the cat, I say only that the cat died nobly.
- Arnold Edinborough
>Environment:
	
Architecture: x86_64
Machine: amd64
>Description:
When unpacking zip files, NetBSD unzip is rather permissive and adds
e.g. executable bits to files. (The code is trying to work around issues
with included directories that don't have the x bit set and corresponding problems
when files should be unpacked there.)

The problem is that this sometimes affects files (not only directories) that
are installed via pkgsrc and then have the wrong permissions, about which
checkperms (i.e., a part of PKG_DEVELOPER=1) complains.
>How-To-Repeat:
Build e.g. security/py-keyring with PKG_DEVELOPER=1. See
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/PKG-INFO: executable bit is set on non-executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/SOURCES.txt: executable bit is set on non-executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/dependency_links.txt: too small to be a valid executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/entry_points.txt: executable bit is set on non-executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/requires.txt: executable bit is set on non-executable file.
warning: /scratch/security/py-keyring/work/.destdir/usr/pkg/lib/python3.4/site-packages/keyring-5.3-py3.4.egg-info/top_level.txt: executable bit is set on non-executable file.

Can also be tested directly by unpacking keyring-5.3.zip, the distfile for that
package.

When unpacked with InfoZIP unzip:
# ll keyring-5.3/keyring.egg-info
total 50
drwxrwxr-x  2 wiz  users    512 Mar 30 10:54 .
drwxrwxr-x  4 wiz  users    512 Mar 30 10:54 ..
-rw-rw-rw-  1 wiz  users  35333 Feb 25 12:08 PKG-INFO
-rw-rw-rw-  1 wiz  users   1643 Feb 25 12:08 SOURCES.txt
-rw-rw-rw-  1 wiz  users      1 Feb 25 12:08 dependency_links.txt
-rw-rw-rw-  1 wiz  users     46 Feb 25 12:08 entry_points.txt
-rw-rw-rw-  1 wiz  users     37 Feb 25 12:08 requires.txt
-rw-rw-rw-  1 wiz  users      8 Feb 25 12:08 top_level.txt

When unpacked with NetBSD unzip:
# ll keyring-5.3/keyring.egg-info
total 50
drwxr-xr-x  2 wiz  users    512 Mar 30 10:55 .
drwxr-xr-x  4 wiz  users    512 Mar 30 10:55 ..
-rwxrwxr-x  1 wiz  users  35333 Feb 25 12:08 PKG-INFO
-rwxrwxr-x  1 wiz  users   1643 Feb 25 12:08 SOURCES.txt
-rwxrwxr-x  1 wiz  users      1 Feb 25 12:08 dependency_links.txt
-rwxrwxr-x  1 wiz  users     46 Feb 25 12:08 entry_points.txt
-rwxrwxr-x  1 wiz  users     37 Feb 25 12:08 requires.txt
-rwxrwxr-x  1 wiz  users      8 Feb 25 12:08 top_level.txt

>Fix:
Please!

>Unformatted:

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: Re: bin/49798: unzip: Infozip compatibility: file permissions
Previous by Thread: Re: kern/49788 (vlan(4) extra padding)
Next by Thread: Re: bin/49798: unzip: Infozip compatibility: file permissions
Indexes:

Home | Main Index | Thread Index | Old Index